Google has patched a high-severity vulnerability in the Android kernel that has been actively exploited. The flaw, tracked as CVE-2024-36971, carries a serious risk of remote code execution in the kernel.
Google’s August 2024 Android security bulletin highlights that there are signs of targeted exploitation of CVE-2024-36971. The company, however, has not provided specific details about the nature of the attacks or identified any particular threat actors responsible for these exploits. It remains unclear whether Pixel devices are affected by this vulnerability.
Clement Lecigne from Google’s Threat Analysis Group (TAG) has been instrumental in discovering this issue. Lecigne’s report suggests that commercial spyware vendors might be using this vulnerability to conduct targeted attacks on Android devices.
The August security update addresses a total of 47 vulnerabilities, including issues found in components from Arm, Imagination Technologies, MediaTek, and Qualcomm. Among the fixes are 12 privilege escalation vulnerabilities, one information disclosure flaw, and one denial-of-service (DoS) vulnerability within the Android Framework.
In a related development, Google disclosed in June 2024 that an elevation of privilege vulnerability in Pixel Firmware (CVE-2024-32896) was being exploited in targeted attacks. The company has since confirmed that the impact of this vulnerability extends beyond Pixel devices to the broader Android ecosystem and is collaborating with OEM partners to implement necessary fixes.
Previously, Google resolved two critical security flaws in the bootloader and firmware components (CVE-2024-29745 and CVE-2024-29748) that were exploited by forensic companies to access sensitive data.
This update follows the U.S. Cybersecurity and Infrastructure Security Agency (CISA) adding CVE-2018-0824, a remote code execution flaw in Microsoft COM for Windows, to its Known Exploited Vulnerabilities (KEV) catalog. Federal agencies are required to address this flaw by August 26, 2024. This decision comes after Cisco Talos reported that the vulnerability was exploited by the Chinese nation-state threat actor APT41 in an attack targeting a Taiwanese government-affiliated research institute.